Hackers uncover new TheTruthSpy stalkerware victims: Is your Android device compromised?
Reading Time: 3 minutesA consumer-grade spyware operation called TheTruthSpy poses an ongoing security and privacy risk to thousands of people whose Android devices are unknowingly compromised with its mobile surveillance apps, not least due to a simple security flaw that its operators never fixed.
Now, two hacking groups have independently found the flaw that allows the mass access of victims’ stolen mobile device data directly from TheTruthSpy’s servers.
Switzerland-based hacker maia arson crimew said in a blog post that the hacking groups SiegedSec and ByteMeCrew identified and exploited the flaw in December 2023. Crimew, who was given a cache of TheTruthSpy’s victim data from ByteMeCrew, also described finding several new security vulnerabilities in TheTruthSpy’s software stack.
SPYWARE LOOKUP TOOL
You can check to see if your Android phone or tablet was compromised here.
The latest batch of data includes the Android device identifiers of every phone and tablet compromised by TheTruthSpy up to and including December 2023. The data shows TheTruthSpy continues to actively spy on large clusters of victims across Europe, India, Indonesia, the United States, the United Kingdom, and elsewhere.
Security bug in TheTruthSpy exposed victims’ device data
For a time, TheTruthSpy was one of the most prolific apps for facilitating secret mobile device surveillance.
TheTruthSpy is one of a fleet of near-identical Android spyware apps, including Copy9 and iSpyoo and others, which are stealthily planted on a person’s device by someone typically with knowledge of their passcode. These apps are called ‘stalkerware,’ or ‘spouseware,’ for their ability to illegally track and monitor people, often spouses, without their knowledge.
Apps like TheTruthSpy are designed to stay hidden on home screens, making these apps difficult to identify and remove, all the while continuously uploading the contents of a victim’s phone to a dashboard viewable by the abuser.
But while TheTruthSpy touted its powerful surveillance capabilities, the spyware operation paid little attention to the security of the data it was stealing.
Given the simplicity of the bug, its public exploitation was only a matter of time.
TheTruthSpy linked to Vietnam-based startup, 1Byte
This is the latest in a streak of security incidents involving TheTruthSpy, and by extension the hundreds of thousands of people whose devices have been compromised and had their data stolen.
But TheTruthSpy’s poor security practices and leaky servers also helped to expose the real-world identities of the developers behind the operation, who had taken considerable efforts to conceal their identities.
Our investigation found that the false identities were linked to bank accounts in Vietnam run by 1Byte employees and its director, Van Thieu. At its peak, TheTruthSpy made over $2 million in customer payments.
After the U.S. web hosts booted TheTruthSpy from their networks, the spyware operation is now hosted on servers in Moldova by a web host called AlexHost, run by Alexandru Scutaru, which claims a policy of ignoring U.S. copyright takedown requests.
Though hobbled and degraded, TheTruthSpy still actively facilitates surveillance on thousands of people, including Americans.
For as long as it remains online and operational, TheTruthSpy will threaten the security and privacy of its victims, past and present. Not just because of the spyware’s ability to invade a person’s digital life, but because TheTruthSpy cannot keep the data it steals from spilling onto the internet.
- This spyware lookup tool says if your Android device was compromised
- Behind the stalkerware network spilling the private phone data of hundreds of thousands
- Inside TheTruthSpy, the stalkerware network spying on thousands
- Fake passports, real bank accounts: How TheTruthSpy stalkerware made its millions
Ref: techcrunch
MediaDownloader.net -> Free Online Video Downloader, Download Any Video From YouTube, VK, Vimeo, Twitter, Twitch, Tumblr, Tiktok, Telegram, TED, Streamable, Soundcloud, Snapchat, Share, Rumble, Reddit, PuhuTV, Pinterest, Periscope, Ok.ru, MxTakatak, Mixcloud, Mashable, LinkedIn, Likee, Kwai, Izlesene, Instagram, Imgur, IMDB, Ifunny, Gaana, Flickr, Febspot, Facebook, ESPN, Douyin, Dailymotion, Buzzfeed, BluTV, Blogger, Bitchute, Bilibili, Bandcamp, Akıllı, 9GAG